1 Workshop on Resilient Financial-Information Systems Sponsors: Treasury Dept. and NSF Dates: March 7 and 8, 2005 Location: Treasury Dept. Headquarters,

Presentation transcript:

1 Workshop on Resilient Financial-Information Systems
Sponsors: Treasury Dept. and NSF
Dates: March 7 and 8, 2005
Location: Treasury Dept. Headquarters, Washington, DC
Session Topic: Large-scale ID Theft
Session Chairs: Steve Bellovin and Joan Feigenbaum

2 ID Theft in the Financial Industry
Essentially not a new problem
Large-scale authentication and authorization (A&A) systems are hard to build, deploy, and use.
See two relevant NRC reports:
Research is ongoing in authentication and authorization.
The financial industry should consider participating in it, through academic-industrial partnerships and grants.

3 Some (Known) Goals and Challenges
Improve the security of foundation documents.
Improve the human-factors aspects of A&A systems.
  – Need experimental work on how users perceive trust.
  – Need experimental work on how and why servers accept credentials.
  – Need work on human-factors aspects of system administration.
Provide better ways to create and manage private-public key pairs, e.g., to enable users to control client-side certificates.

4 Goals and challenges (2)
Experiment with technology that enables large-scale, asymmetric A&A.
Improve regulation and/or liability to require and/or encourage those in a position to prevent ID theft to do so.
  – Align control and incentives.
  – Design network protocols that allow the appropriate incentives to be expressed.
Insist that “ID systems” be well defined and well understood; avoid function creep.

5 Goals and challenges (3)
Improve understanding of long-lived and infrequently used A&A information.
Improve fallback A&A systems, which are currently slow and insecure. The fallback system should be at least as secure as the standard system.
Narrow the security gap between computers and their users.

6 Goals and challenges (4)
Improve information-sharing capabilities in the context of A&A.
  – Explore applicability of secure, multiparty protocols in the financial-industry context.
  – Explore extensions of current trusted-third-party models to information sharing. Are there legal and business barriers?

7 Goals and challenges (5)
Improve human interface to and usability of security systems.

8 Phishing is a Problem
A large part of the problem is the lack of usable bi-lateral authentication.
You can’t trust your computer, and neither can the authenticator.
What you see is NOT what you get.
The need to test and deploy anti-phishing tools is an opportunity for academic-industrial cooperation.
Need large-scale experiments with real systems to evaluate attacks and defenses.

9 Research program structure
We need new modes of funding and doing research.
Interdisciplinary and cross-sectoral.
Propose projects jointly led by researchers, financial-sector professionals, and government program managers.
Potential model: NSF digital-government program.